Address
Form of workJob Description
Job Posting Title:Identity, Credential, and Access Management (ICAM) Systems Engineer
Special Requirement
This position requires the ability to obtain and maintain a clearance from the Department of Energy.
Purpose
East Tennessee company is seeking qualified applicants for an Identity, Credential, and Access Management (ICAM) Systems Engineer position to support their computing operations group. This group is responsible for the access and authentication infrastructure required to support 10,000+ Windows, Mac and Linux desktops, laptops, servers, and applications. The successful candidate will have a strong understanding of federated identity, authentication and authorization technologies, ideally including SAML, Kerberos, Active Directory, LDAP, OAuth, and OpenID-Connect.
Major Duties/Responsibilities
Primary duties will include:
- Serve as a Subject Matter Expert (SME) for enterprise access and authentication infrastructure
- Collaborate with other SMEs to ensure the reliable, effective, and secure operation of client IT systems
- Contribute to the development of solution and enterprise architecture involving authentication, particularly federated identity and single sign on
- Serve as one of InCommon Federation Site Administrators
- Manage the operation of Federated Identity, Authentication, and Authorization infrastructure
- Provide design and operational support for SAML, WS-Federation, OAuth, OpenID-Connect, JSON Web Token, and Open Token Authentication Systems based on Ping Federate, including integration of these systems to back-end directory services
- Perform monitoring and troubleshooting tasks
- Configure and manage identity provider and service provider connections
- Develop tools for automation for routine administrative and monitoring tasks
- Manage the operation of LDAP infrastructure systems using OpenLDAP
- Manage the operation of SecurID infrastructure
- Serve as a key SME for Public Key Infrastructure (PKI), particularly as it relates to X.509 certificates for client authentication
Required Qualifications
- Bachelor's degree in an Information Technology-related field plus 5 years of relevant work experience or 10 years of relevant work experience
- Experience with authentication technologies (i.e. Active Directory) and concepts. Must possess a strong desire to learn federated identity management technologies (i.e. SAML).
- Significant experience scripting in both Linux and Windows environments
- Experience using data analysis (such as from logs), monitoring, and automation to improve operational excellence, reduce operational labor, and improve the overall security posture
- Excellent interpersonal skills suitable for user support and ability to work well with peers
- Experience in an environment requiring change control processes
- Demonstrated ability to perform job tasks while considering cyber security risk of those tasks, and consulting with security professionals when necessary.
- Demonstrated capabilities to work in a dynamic environment and translate user needs into actionable project plans and see those plans through execution while balancing needs for short-term, high-priority tasks.
- Good written and verbal communication skills
- Ability to work in a group and alone on various projects
- Ability to time manage and prioritize projects
- Good documentation skills
- Demonstrated analytical and problem solving skills
- Strong commitment to ethical and professional values
Desired Qualifications
- A minimum of 2 years of experience with authentication and authorization technologies in an large environment, specifically including experience with the use of Kerberos, SAML, and OAuth for authentication. Experience with Ping Federate is particularly desired.
- Experience working with federated identity management infrastructure, including the configuration and management of SAML- and OAuth-based identity provider and service provider connections
- Experience in deploying and managing Public Key Infrastructure technologies, particularly including Microsoft PKI tools
- Strong knowledge of multiple operating systems
- Experience with DevOps and with configuration management tools, with Ansible particularly preferred
- Advanced understanding of Microsoft server technologies specific to domain controllers, and all AD associated services such as ADFS, DNS, DHCP, DFS and GP
- Previous experience working in a government, scientific, or other highly technical environment
